gnucash master: Bug 747377: Fix overly restrictive input validation for IBAN of SEPA transfer.

Christian Stimming cstim at code.gnucash.org
Sun Apr 12 16:28:23 EDT 2015


Updated	 via  https://github.com/Gnucash/gnucash/commit/c46c0a9e (commit)
	from  https://github.com/Gnucash/gnucash/commit/c97ab473 (commit)



commit c46c0a9e791fbea691c3816be432bbfbcc4fc8e5
Author: Christian Stimming <christian at cstimming.de>
Date:   Sun Apr 12 22:26:31 2015 +0200

    Bug 747377: Fix overly restrictive input validation for IBAN of SEPA transfer.
    
    Only in some countries the IBAN is really restricted to numeric-only
    (most notably in Germany, "DE"). In some other countries parts of the
    IBAN may be alphas. These checks could be extended for more countries,
    but since aqbanking with the SEPA transfers is used mostly in Germany,
    we just leave it with the exception rule for Germany.

diff --git a/src/import-export/aqb/dialog-ab-trans.c b/src/import-export/aqb/dialog-ab-trans.c
index 93d1216..67a3687 100644
--- a/src/import-export/aqb/dialog-ab-trans.c
+++ b/src/import-export/aqb/dialog-ab-trans.c
@@ -1348,16 +1348,53 @@ gnc_ab_trans_dialog_ibanentry_filter_cb (GtkEditable *editable,
 
         if (gnc_ab_trans_isSEPA(td->trans_type))
         {
-            // SEPA: Only alphas in the first two places (only upper case, though), then only digits
+            enum {
+                ALPHA
+                , ALNUM
+                , NUMERIC
+            } allowed_characterclass;
+
+            // SEPA: Only alphas in the first two places (at index 0, 1)
             if (*position + i < 2)
             {
-                if (g_ascii_isalpha(c))
-                    g_string_append_c(result, g_ascii_toupper(c));
+                allowed_characterclass = ALPHA;
             }
+            // SEPA: Next two places are digits only (index 2, 3)
+            else if (*position + i < 4)
+            {
+                allowed_characterclass = NUMERIC;
+            }
+            // SEPA: The rest depends on the country code: Either Alpha-numeric or numeric only
             else
             {
+                const gchar* acct_text = gtk_entry_get_text(GTK_ENTRY(td->recp_account_entry));
+                // Special case for German ("DE") IBAN: Numeric only. Otherwise allow alpha-numeric
+                if (acct_text[0] == 'D' && acct_text[1] == 'E')
+                {
+                    allowed_characterclass = NUMERIC;
+                }
+                else
+                {
+                    allowed_characterclass = ALNUM;
+                }
+            }
+
+            // Do the actual character class check. Alphas are only allowed in
+            // uppercase, though.
+            switch (allowed_characterclass)
+            {
+            case ALPHA:
+                if (g_ascii_isalpha(c))
+                    g_string_append_c(result, g_ascii_toupper(c));
+                break;
+            case ALNUM:
+                if (g_ascii_isalnum(c))
+                    g_string_append_c(result, g_ascii_toupper(c));
+                break;
+            case NUMERIC:
                 if (g_ascii_isdigit(c))
                     g_string_append_c(result, c);
+                break;
             }
         }
         else



Summary of changes:
 src/import-export/aqb/dialog-ab-trans.c | 43 ++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)



More information about the gnucash-changes mailing list